Amendments to the Claims:

This listing of claims will replace all prior versions, and listings, of claims in the application: 

1. (Currently amended) A method in a data processing system for dynamically protecting data from
damage during execution of processes within the data processing system, the method comprising:

journaling the data to form journaled data, wherein journaling the data comprises maintaining a
previous state of the data for subsequent, optional restore of the data to the previous state system audit
trail that contains activities occurring within the data processing system during the execution of the
processes within the data processing system;

dynamically determining whether a virus is present in the data processing system after journaling
of the data has begun; and

responsive to an identification of the virus, restoring the data using the journaled data.

2. (Original) The method of claim 1 further comprising: 

responsive to an absence of an identification of the virus, discarding the journaled data.

3. (Original) The method of claim 1, wherein the determining step comprises:
performing pattern matching.

4. (Currently amended) The method of claim 3, wherein the performing step includes:
comparing a set of actions occurring within the data processing system with a set of known virus
patterns.

5. (Currently amended) The method of claim 1, wherein the data that is journaled is located in a
storage device external to the data processing system.

6. (Original) The method of claim 1 further comprising: 

recording a sequence of actions occurring within the data processing system.

7. (Currently amended) The method claim 1, wherein the data that is journaled is data accessed by a
process within the data processing system.

8. (Original) The method of claim 1 further comprising:

responsive to an identification of the virus, blocking access to the data by a process accessing the
data.

9. (Original) The method of claim 1 further comprising: 

responsive to an identification of the virus, generating an indication halting a process accessing
the data.

10. (Previously presented) The method of claim 1, wherein the journaled data is accessed by a single
process and maintained until a determination is made that the single process is eliminated as a virus
candidate.

11. (Original) The method of claim 1, wherein the journaled data is stored in a protected memory
accessible only by the method.

12. (Currently amended) The method of claim 11, wherein the journaled data is stored in a data
structure located in a protected memory inaccessible by a process executing within the data processing
system.

13. (Currently amended) A method in a data processing system for repairing damage to data, the
method comprising:

saving a state of a data object in response to a request to perform a write access to the data object
by a process executing on the data processing system;

performing pattern matching of a set of actions taken within the data processing system; and

determining whether an unauthorized intrusion has occurred in response to performing pattern
matching and if so, initiating a rollback to return the data object back to its saved state.

14. (Original) The method of claim 13, wherein the performing step comprises:

comparing the set of actions to a pattern from a set of patterns to form a comparison;

determining whether the comparison indicates that the unauthorized intrusion has occurred; and

responsive to an absence of the unauthorized intrusion, repeating the comparing step using
another pattern from the set of patterns.

15. (Original) The method of claim 13, wherein the performing step comprises:

matching patterns with the set of actions;

determining whether the unauthorized intrusion has occurred;

if an intrusion is absent, determining whether a time threshold has been reached; and

if an absence of a reaching of the time threshold is present, repeating the matching step using
another set of actions.

16. (Original) The method of claim 14, wherein match between the pattern and the set of actions
identifies an absence of the unauthorized intrusion.

17. (Original) The method of claim 14, wherein match between the pattern and the set of actions
identifies a presence of the unauthorized intrusion.

18. (Original) The method of claim 13, wherein the intrusion is caused by a virus.

19. (Original) The method of claim 13, wherein the intrusion is caused by an authorized user input.

20. (Currently amended) The method of claim 13 further comprising:

saving a state of all data objects within the data processing system, wherein the data objects are
dynamically accessed by processes executing within the data processing system.

21. (Original) The method of claim 13, wherein the data object is located in a storage device external
to the data processing system.

22. (Currently amended) An intrusion protection system for use in a data processing system
comprising:

a sensor filter, wherein the sensor filter receives requests to access data within the data processing
system from a process executing within the data processing system;

a pattern matcher, wherein the pattern matcher receives actions initiated by the process, compares
the actions to a pattern to form a comparison, determines whether an unauthorized intrusion has occurred,
generates a first indication in response to an identification of an absence of an unauthorized intrusion, and
generates a second indication to restore the data to a prior state in response to an identification of the
unauthorized intrusion; and

a journaler, wherein the journaler journals data in response to accessing of the data by the process
executing within the data processing system and restores the data to the prior state in response to the
indication by the pattern matcher, wherein the data is journaled until the first indication is generated by
the pattern matcher.

23. (Original) The intrusion protection system of claim 22, wherein the intrusion protection system is 
located within an operating system. 

24. (Currently amended) A data processing system comprising:

a bus system;

a communications unit connected to the bus system;

a memory connected to the bus system, wherein the memory includes a set of instructions; and

a processing unit connected to the bus system, wherein the processing unit executes the set of
instructions to journal the data to form journaled data, wherein journal the data comprises maintaining a
previous state of the data for subsequent, optional restore of the data to the previous state system audit
trail that contains activities occurring within the data processing system during the execution of the
processes within the data processing system; dynamically determines whether a virus is present in the
data processing system after journaling of the data has begun; and restores the data using the journaled
data in response to an identification of the virus.

25. (Currently amended) A data processing system comprising: 
a bus system; 

a communications unit connected to the bus system; 

a memory connected to the bus system, wherein the memory includes a set of instructions; and 
a processing unit connected to the bus system, wherein the processing unit executes the set of 
instructions to save a state of a data object in response to a request to perform a write access to the data
object by a process executing on the data processing system; perform pattern matching of a set of actions
taken within the data processing system; and determine whether an unauthorized intrusion has occurred in
response to performing pattern matching and if so, initiate a rollback to return the data object back to its
saved state.

26. (Currently amended) A data processing system for dynamically protecting data from damage
during execution of processes within the data processing system, the data processing system comprising:

journaling means for journaling the data to form journaled data, wherein the journaling means for
journaling the data comprises means for maintaining a previous state of the data for subsequent, optional
restore of the data to the previous state system audit trail that contains activities occurring within the data
processing system during the execution of the processes within the data processing system;

determining means for dynamically determining whether a virus is present in the data processing
system after journaling of the data has begun; and

restoring means, responsive to an identification of the virus, for restoring the data using the
journaled data.

27. (Original) The data processing system of claim 26 further comprising:

discarding means, responsive to an absence of an identification of the virus, for discarding the
journaled data.

28. (Original) The data processing system of claim 26, wherein the determining means comprises: 
means for performing pattern matching.

29. (Currently amended) The data processing system of claim 28, wherein the performing means
includes:

means for comparing a set of actions occurring within the data processing system with a set of
known virus patterns.

30. (Currently amended) The data processing system of claim 26, wherein the data that is journaled
is located in a storage device external to the data processing system.

31. (Original) The data processing system of claim 26 further comprising:

recording means for recording a sequence of actions occurring within the data processing system.

32. (Currently amended) The data processing system claim 26, wherein the data that is journaled is
data accessed by a process within the data processing system.

33. (Original) The data processing system of claim 26 further comprising: 

blocking means, responsive to an identification of the virus, for blocking access to the data by a
process accessing the data.

34. (Original) The data processing system of claim 26 further comprising:

generating means, responsive to an identification of the virus, for generating an indication halting
a process accessing the data.

35. (Previously presented) The data processing system of claim 26, wherein the journaled data is
accessed by a single process and maintained until a determination is made that the single process is
eliminated as a virus candidate.

36. (Original) The data processing system of claim 26, wherein the journaled data is stored in a
protected memory accessible only by the method.

37. (Currently amended) The data processing system of claim 36, wherein the journaled data is
stored in a data structure located in a protected memory inaccessible by the process executing within the
data processing system.

38. (Currently amended) A data processing system for repairing damage to data, the data processing
system comprising:

saving means for saving a state of a data object in response to a request to perform a write access
to the data object by a process executing on the data processing system;

performing means for performing pattern matching of a set of actions taken within the data 
processing system; and 

determining means for determining whether an unauthorized intrusion has occurred in response to 
performing pattern matching; and 

means for initiating a rollback to return the data object back to its saved state if it is determined 
that an unauthorized intrusion has occurred. 

39. (Original) The data processing system of claim 38, wherein the performing means comprises: 
means for comparing the set of actions to a pattern from a set of patterns to form a comparison; 
means for determining whether the comparison indicates that the unauthorized intrusion has
occurred; and

means, responsive to an absence of the unauthorized intrusion, for repeating the comparing step
using another pattern from the set of patterns.

40. (Original) The data processing system of claim 38, wherein the performing means comprises:

means for matching patterns with the set of actions;

means for determining whether the unauthorized intrusion has occurred;

means, if an intrusion is absent, for determining whether a time threshold has been reached; and

means, if an absence of a reaching of the time threshold is present, for repeating the matching
step using another set of actions.

41. (Original) The data processing system of claim 39, wherein match between the pattern and the
set of actions identifies an absence of the unauthorized intrusion.

42. (Original) The data processing system of claim 39, wherein match between the pattern and the
set of actions identifies a presence of the unauthorized intrusion.

43. (Original) The data processing system of claim 38, wherein the intrusion is caused by a virus.

44. (Original) The data processing system of claim 38, wherein the intrusion is caused by an
authorized user input.

45. (Currently amended) The data processing system of claim 38 further comprising:

saving means for saving a state of all data objects within the data processing system, wherein the
data objects are dynamically accessed by processes executing within the data processing system.

46. (Original) The data processing system of claim 38, wherein the data object is located in a storage
device external to the data processing system.

47. (Currently amended) A computer program product in a computer readable medium for
dynamically protecting data from damage during execution of processes within the data processing
system, the computer program product comprising:

first instructions for journaling the data to form journaled data, wherein journaling the data
comprises maintaining a previous state of the data for subsequent, optional restore of the data to the
previous state system audit trail that contains activities occurring within the data processing system
during the execution of the processes within the data processing system;

second instructions for dynamically determining whether a virus is present in the data processing
system after journaling of the data has begun; and

third instructions, responsive to an identification of the virus, for restoring the data using the
journaled data.

48. (Original) The computer program product of claim 47 further comprising:

fourth instructions, responsive to an absence of an identification of the virus, for discarding the
journaled data.

49. (Original) The computer program product of claim 47, wherein the second instructions 
comprises:

sub-instructions for performing pattern matching.

50. (Currently amended) The computer program product of claim 47, wherein the sub-instructions
for performing includes:

instructions for comparing a set of actions occurring within the data processing system with a set
of known virus patterns.

51. (Currently amended) The computer program product of claim 47, wherein the data that is
journaled is located in a storage device external to the data processing system.

52. (Original) The computer program product of claim 47 further comprising:

fourth instructions for recording a sequence of actions occurring within the data processing
system.

53. (Currently amended) The computer program product claim 47, wherein the data that is journaled
is data accessed by a process within the data processing system.

54. (Original) The computer program product of claim 47 further comprising:

fourth instructions, responsive to an identification of the virus, for blocking access to the data by
a process accessing the data.

55. (Original) The computer program product of claim 47 further comprising:

fourth instructions, responsive to an identification of the virus, for generating an indication
halting a process accessing the data.

56. (Previously presented) The computer program product of claim 47, wherein the journaled data is
accessed by a single process and maintained until a determination is made that the single process is
eliminated as a virus candidate.

57. (Original) The computer program product of claim 47, wherein the journaled data is stored in a
protected memory accessible only by the method.

58. (Currently amended) The computer program product of claim 57, wherein the journaled data is
stored in a data structure located in a protected memory inaccessible by the process executing within the
data processing system.

59. (Currently amended) A computer program product in a computer readable medium for repairing
damage to data, the computer program product comprising:

first instructions for saving a state of a data object in response to a request to perform a write
access to the data object by a process executing on the data processing system;

second instructions for performing pattern matching of a set of actions taken within the data 
processing system; and 

third instructions for determining whether an unauthorized intrusion has occurred in response to 
performing pattern matching; and 

fourth instructions for initiating a rollback to return the data object back to its saved state if it is 
determined that an unauthorized intrusion has occurred. 

60. (Original) The computer program product of claim 59, wherein the second instructions
comprises:

first sub-instructions for comparing the set of actions to a pattern from a set of patterns to form a
comparison;

second sub-instructions for determining whether the comparison indicates that the unauthorized
intrusion has occurred; and

third sub-instructions, responsive to an absence of the unauthorized intrusion, for repeating the
comparing step using another pattern from the set of patterns.

61. (Original) The computer program product of claim 59, wherein the second instructions
comprises:

first sub-instructions for matching patterns with the set of actions;

second sub-instructions for determining whether the unauthorized intrusion has occurred;

third sub-instructions, if an intrusion is absent, for determining whether a time threshold has been
reached; and

fourth sub-instructions, if an absence of a reaching of the time threshold is present, for repeating
the matching step using another set of actions.

62. (Original) The computer program product of claim 60, wherein match between the pattern and
the set of actions identifies an absence of the unauthorized intrusion.

63. (Original) The computer program product of claim 60, wherein match between the pattern and
the set of actions identifies a presence of the unauthorized intrusion.

64. (Original) The computer program product of claim 59, wherein the intrusion is caused by a virus.

65. (Original) The computer program product of claim 59, wherein the intrusion is caused by an
authorized user input.

66. (Currently amended) The computer program product of claim 59 further comprising:

fourth instructions for saving a state of all data objects within the data processing system, wherein
the data objects are dynamically accessed by processes executing within the data processing system.

67. (Original) The computer program product of claim 59, wherein the data object is located in a
storage device external to the data processing system.